6 matches found
CVE-2023-4172
CVE-2023-4172 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. The vulnerability arises from improper handling of the FileDirectory argument in the FileHandler.ashx (path/file processing), enabling absolute path traversal via a remote attack. Exploitation has been disclosed...
CVE-2023-4171
CVE-2023-4171 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0, targeting the file \Service\FileDownload.ashx (or ServiceFileDownload.ashx in some records). The vulnerability stems from improper handling of the Files argument, enabling path traversal to ../filedir. The issue...
CVE-2023-3798
CVE-2023-3798 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. The vulnerability is in the file path "/App_Resource/UEditor/server/upload.aspx" where manipulation of the file parameter enables unrestricted file upload. Exploitation status is disclosed publicly in the source...
CVE-2023-3803
CVE-2023-3803 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0, specifically the File Name Handler component and the /Service/ImageStationDataService.asmx file. The root cause is a flaw that leads to insufficiently random values. Documented attack complexity is high and expl...
CVE-2023-3802
CVE-2023-3802 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. The issue resides in the file /Controller/Ajaxfileupload.ashx, where manipulating the file argument enables unrestricted file uploads. Public disclosure of the exploit is noted. Remediation details are not expli...
CVE-2023-3804
CVE-2023-3804 affects Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. The vulnerability is in the file /Service/FileHandler.ashx, where manipulation of the argument userFile enables unrestricted upload. The exploit has been publicly disclosed. Several sources confirm this is a cod...